Why am I getting a "WAFInvalidParameterException" error in AWS WAF?

Short description

If the operation you are performing has parameters that AWS WAF can't recognize, the operation fails and one of the errors that AWS WAF returns is WAFInvalidParameterException. The most common reasons for this error are:

• A parameter name or value specified isn't valid.
• The ARN referenced in the request is from a resource that can't be associated to the web ACL.

Resolution

If the value of a parameter isn't recognized by AWS WAF, you see the following example error message:

An error occurred (WAFInvalidParameterException) when calling the CreateRuleGroup operation: Error reason:<br>The scope is not valid., field: SCOPE_VALUE, parameter: <parameter value>

For example, a Scope parameter value that is other than REGIONAL or CLOUDFRONT returns this error.

To troubleshoot the error, do the following:

1. identify the parameter that has a value that can't be recognized by AWS WAF.
2. Modify the parameter to a value supported by AWS WAF. For supported values, see AWS WAFV2 API Reference.

AWS WAF can be associated with an Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, or AWS AppSync GraphQL API. If you try to associate with a different resource type, you see the following example error message:

An error occurred (WAFInvalidParameterException) when calling the AssociateWebACL operation: Error reason:<br>The ARN isn't valid. A valid ARN begins with arn: and includes other information separated by colons or slashes., field: RESOURCE_ARN, parameter: <resource arn>

To troubleshoot the error, do the following:

1. Identify the parameter that has a value that can't be recognized by AWS WAF.
2. Modify this parameter to a resource supported by AWS WAF.